find-sec-bugs
shellharden
Our great sponsors
| find-sec-bugs | shellharden | |
|---|---|---|
| 8 | 16 | |
| 2,204 | 4,543 | |
| 1.2% | - | |
| 6.1 | 5.0 | |
| about 2 months ago | about 1 month ago | |
| Java | Rust | |
| GNU Lesser General Public License v3.0 only | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
find-sec-bugs
- Find Security Bugs
-
What are some useful static analyzers for Java?
SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well
-
Looking for a Static Code Analysis tool for Scala Code
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
-
Enforcing Coding Best Practices using CI
SpotBugs with Find sec bugs for Java
-
Conducting SAST for Java Applications
How can the article fail to mention Find Security Bugs (find-sec-bugs) when talking about using SpotBugs (ex-FindBugs) for analyzing code for security issues?
-
Design an Effective Build Stage for Continuous Integration
Find Security Bugs uses a security database to detect almost 140 different vulnerability types in Java web applications.
-
ShellCheck: A static analysis tool for shell scripts
find-sec-bugs does that. It's used by, for example, SonarQube.
See hhttps://github.com/find-sec-bugs/find-sec-bugs/blob/master/f... and do a "CTRL-F" and search for "References".
shellharden
-
Shellcheck finds bugs in your shell scripts
Everytime I see Shellcheck coming up, I have to mention shellharden[0] written by a colleague of mine. It is basically shellcheck but it applies the suggested changes automatically.
0: https://github.com/anordal/shellharden
-
similar to shellcheck?
Also worth mentioning shellharden
-
Bash Pitfalls
See also:
* https://www.shellcheck.net/ — linting tool to avoid common mistakes and improve your script
* Bash Practices: https://mywiki.wooledge.org/BashGuide/Practices
* Bash Pitfalls: https://mywiki.wooledge.org/BashPitfalls
* safe ways to do things in bash: https://github.com/anordal/shellharden/blob/master/how_to_do...
* better scripting: https://robertmuth.blogspot.in/2012/08/better-bash-scripting...
* robust scripting: https://www.davidpashley.com/articles/writing-robust-shell-s...
-
Code formatter, linters, etc. Recommendations?
There is shellcheck, and shellharden which is a strict version of it. There are similar stuff here, some that also help with your editor. You can also use a docker version of shfmt. See here for a quick tutorial on shfmt.
-
What is best Method of Submitting Bash Script, short Python ignorance confession (lament.)
Regarding linters, there are several of them in most languages.For bash, there is Shellcheck or a more strict (and sometimes confusing) Shellharden to do exactly what you want.
-
Awesome Rewrite It In Rust - A curated list of replacements for existing software written in Rust
For example, shellharden looks awesome.
- anordal/shellharden Safe ways to do things in bash
- How to do things safely in Bash
- How to do things safely in Bash (2018)
What are some alternatives?
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
ShellCheck - ShellCheck, a static analysis tool for shell scripts
semgrep-rules - Semgrep rules registry
shfmt - Dockernized shfmt. This formats shell script.
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
shfmt - A shell formatter (sh/bash/mksh)
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
azure-policy - Repository for Azure Resource Policy built-in definitions and samples
static-analysis - ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
sh - A shell parser, formatter, and interpreter with bash support; includes shfmt
infer - A static analyzer for Java, C, C++, and Objective-C
rust_cmd_lib - Common rust command-line macros and utilities, to write shell-script like tasks in a clean, natural and rusty way